Simon McVittie [Wed, 11 Jan 2017 19:28:48 +0000 (19:28 +0000)]
Update git plugin to version 3.20141016.3 (Debian jessie)
This adds some new hooks that are never actually called in this
version, but that's harmless.
commit 59cfb9b6d0f5f60516d17c79365318711a92fb04
Author: Joey Hess <joey@kitenet.net>
Date: 2014-04-05 19:09:05 -0400
only_committed_changes could fail in a git repository merged with git merge -s ours.
commit c1fbd66c031980f89e6b28862fe90813b1074c2e
Merge: b5b8c5cec be3483fe9
Author: Joey Hess <joey@kitenet.net>
Date: 2014-02-23 14:19:39 -0400
Merge remote-tracking branch 'remotes/smcv/ready/git-push-origin-master'
commit be3483fe9be559a62dd88577b3a374d55b7262f3
Author: Simon McVittie <smcv@debian.org>
Date: 2014-02-21 11:23:17 +0000
git: explicitly specify the branch to push to origin
git's behaviour when doing "git push origin" is configurable, and the
default is going to change in 2.0. In particular, if you've set
push.default to "nothing", the regression test will warn:
fatal: You didn't specify any refspecs to push, and push.default
is "nothing".
'git push origin' failed: at .../lib/IkiWiki/Plugin/git.pm line 220.
commit d52774dd458059ba1442fdac1daf648dc4f228de
Author: intrigeri <intrigeri@boum.org>
Date: 2013-12-31 01:27:21 +0000
Do not UTF8-escape "/" in Git's diffurl: cgit does not support this.
commit 441002e3e6b7f979eb4ef1d2525add2ea308ba6a
Author: Joey Hess <joey@kitenet.net>
Date: 2013-11-16 20:48:23 -0400
deal with the case where oldrev is the same as newrev
commit 727d39b92a90619027badbd4fd28d37a51c25d16
Author: Joey Hess <joey@kitenet.net>
Date: 2013-11-16 18:56:39 -0400
fix eq
commit 654530fa8bb0937123ed526e3093170ef23f5295
Author: Joey Hess <joey@kitenet.net>
Date: 2013-11-16 17:26:20 -0400
Added only_committed_changes config setting, which speeds up wiki refresh by querying git to find the files that were changed, rather than looking at the work tree. Not enabled by default as it can break some setups where not all files get committed to git.
commit 946af13ae60da6a8688e66bbe17dd1a012e5d747
Author: Joey Hess <joey@kitenet.net>
Date: 2013-07-10 21:52:43 -0400
Pass --no-edit when used with git 1.7.8 and newer.
Not sure if this is needed to avoid it trying to run an editor. Probably
there is never a controlling terminal and probably git notices and does
nothing. But I'm just copying what I have in git-annex assistant here.
(Although with a much worse git version comparison, that only really works due
to luck.)
commit b162563dc1c6126953e66cdcc508f389b9d39d8e
Author: Joey Hess <joey@kitenet.net>
Date: 2013-07-10 21:48:16 -0400
Deal with git behavior change in 1.7.8 and newer that broke support for commits with an empty commit message.
commit 12c9219d671c672fedcf9e9ab7f9187b23b8f7f4
Author: Shlomi Fish <shlomif@shlomifish.org>
Date: 2012-12-17 22:44:54 +0200
Fix some warnings in recent perls.
All existing tests pass.
Simon McVittie [Mon, 9 May 2016 21:39:24 +0000 (22:39 +0100)]
Second try at 3.20120629.2+deb7u1
Simon McVittie [Mon, 9 May 2016 20:53:10 +0000 (21:53 +0100)]
img test: exercise upper-case extensions for image files
Amitai Schlair [Sun, 8 May 2016 22:26:15 +0000 (18:26 -0400)]
Detect image type from .JPG just like .jpg (etc.).
Simon McVittie [Sun, 8 May 2016 15:31:08 +0000 (16:31 +0100)]
Simon McVittie [Sun, 8 May 2016 15:30:51 +0000 (16:30 +0100)]
debian/tests: add metadata to run the img test as an autopkgtest
Simon McVittie [Sun, 8 May 2016 14:41:35 +0000 (15:41 +0100)]
Add t/img.t regression test also taken from version 3.20160506
(chrysn, joeyh, schmonz, smcv)
Simon McVittie [Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)]
Update img plugin to version 3.20160506
* Update img plugin to version 3.20160506 to mitigate ImageMagick
  vulnerabilities, including remote code execution (CVE-2016-3714):
  - Never convert SVG images to PNG; simply pass them through to the
    browser. This prevents exploitation of any ImageMagick SVG coder
    vulnerabilities. (joeyh)
  - Do not resize image formats other than JPEG, PNG, GIF unless
    specifically configured to do so. This prevents exploitation
    of any vulnerabilities in less common coders, such as MVG. (smcv)
  - Do not resize JPEG, PNG, GIF, PDF images if their extensions do
    not match their "magic numbers", because wiki admins might try to
    restrict attachments by extension, but ImageMagick can base its
    choice of coder on the magic number. Explicitly force the
    obvious ImageMagick coder to be used. (smcv)
* Minor non-security changes resulting from that update, since
  reverting them seems higher-risk than keeping them:
  - Add PDF support, disabled by the above changes unless specifically
    configured (chrysn)
  - Only render one frame or page from animated GIF or multi-page PDF
    (chrysn)
  - Do not distort aspect ratio when resizing small images (chrysn)
  - Use data: URLs to embed images in page previews (chrysn)
  - Raise an error if the image's size cannot be determined (chrysn)
  - Handle filenames containing a colon correctly (smcv)
Simon McVittie [Wed, 4 May 2016 07:46:02 +0000 (08:46 +0100)]
HTML-escape error messages (CVE-2016-4561)
The instance in cgierror() is a potential cross-site scripting attack,
because an attacker could conceivably cause some module to raise an
exception that includes attacker-supplied HTML in its message, for
example via a crafted filename. (OVE-20160505-0012, CVE-2016-4561)
The instances in preprocess() are just correctness. It is not a
cross-site scripting attack, because an attacker could equally well
write the desired HTML themselves; the sanitize hook is what
protects us from cross-site scripting here.
Simon McVittie [Mon, 6 Apr 2015 19:37:07 +0000 (20:37 +0100)]
Joey Hess [Fri, 27 Mar 2015 16:17:39 +0000 (12:17 -0400)]
Fix XSS in openid selector. Thanks, Raghav Bisht.
Conflicts:
debian/changelog
doc/bugs/XSS_Alert...__33____33____33__.html
Simon McVittie [Sat, 17 Jan 2015 11:53:49 +0000 (11:53 +0000)]
correct double-negative
Simon McVittie [Wed, 14 Jan 2015 22:11:05 +0000 (22:11 +0000)]
wheezy release candidate
Joey Hess [Fri, 2 Jan 2015 20:45:26 +0000 (16:45 -0400)]
close debian bug I opened about blogspam
Conflicts:
debian/changelog
Amitai Schlair [Sat, 3 Jan 2015 15:02:20 +0000 (10:02 -0500)]
blogspam uses JSON instead of RPC::XML now.
Amitai Schlair [Fri, 2 Jan 2015 18:55:10 +0000 (13:55 -0500)]
Update blogspam to the 2.0 API.
[backport to Debian wheezy, open-coding a simple version of useragent() -smcv]
Conflicts:
IkiWiki/Plugin/blogspam.pm
debian/changelog
Joey Hess [Sat, 8 Nov 2014 04:08:33 +0000 (00:08 -0400)]
Set Debian package maintainer to Simon McVittie as I'm retiring from Debian.
Conflicts:
debian/changelog
debian/control
Joey Hess [Fri, 29 Jun 2012 17:43:09 +0000 (13:43 -0400)]
releasing version 3.20120629
Joey Hess [Sun, 17 Jun 2012 19:12:53 +0000 (15:12 -0400)]
cleanup
ikitest [Sun, 17 Jun 2012 19:05:09 +0000 (15:05 -0400)]
http://openid.ppke.hu/cstamas [Sun, 17 Jun 2012 00:16:22 +0000 (20:16 -0400)]
add signature
http://openid.ppke.hu/cstamas [Sun, 17 Jun 2012 00:14:19 +0000 (20:14 -0400)]
add
Question re: google search missing results
Joey Hess [Mon, 11 Jun 2012 04:47:15 +0000 (00:47 -0400)]
bug on trail plugin
spalax [Fri, 8 Jun 2012 00:56:07 +0000 (20:56 -0400)]
Added a comment: Popup listing multiple entries per day
spalax [Fri, 8 Jun 2012 00:00:58 +0000 (20:00 -0400)]
Contrib plugin created_in_future
spalax [Thu, 7 Jun 2012 23:47:45 +0000 (19:47 -0400)]
Contrib plugin monthcalendar
spalax [Thu, 7 Jun 2012 23:38:12 +0000 (19:38 -0400)]
Contrib plugin jscalendar : a javascript calendar
spalax [Thu, 7 Jun 2012 23:31:07 +0000 (19:31 -0400)]
spalax [Thu, 7 Jun 2012 23:27:38 +0000 (19:27 -0400)]
rename contrib/jscalendar.mdwn to plugins/contrib/jscalendar.mdwn
spalax [Thu, 7 Jun 2012 23:26:57 +0000 (19:26 -0400)]
rename todo/Javascript_calendar.mdwn to contrib/jscalendar.mdwn
mathdesc [Thu, 7 Jun 2012 11:11:29 +0000 (07:11 -0400)]
will put it in the forum, sry
This reverts commit f2b421b26b9ceb68b19a11140936537353da51de
comment removal question
mathdesc [Wed, 6 Jun 2012 09:51:28 +0000 (05:51 -0400)]
mathdesc [Wed, 6 Jun 2012 09:25:35 +0000 (05:25 -0400)]
pdurbin [Tue, 5 Jun 2012 15:24:26 +0000 (11:24 -0400)]
created page: Can not advance past first page of results using search plugin
pdurbin [Tue, 5 Jun 2012 15:02:20 +0000 (11:02 -0400)]
created user page
Joey Hess [Sun, 3 Jun 2012 17:17:03 +0000 (13:17 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Sun, 3 Jun 2012 17:16:31 +0000 (13:16 -0400)]
mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or other config differences by linking to the mirror's CGI. (intrigeri)
Joey Hess [Sun, 3 Jun 2012 17:15:19 +0000 (13:15 -0400)]
Merge remote-tracking branch 'intrigeri/mirrorlist'
http://joeyh.name/ [Sun, 3 Jun 2012 17:11:12 +0000 (13:11 -0400)]
Added a comment
Joey Hess [Sun, 3 Jun 2012 17:06:45 +0000 (13:06 -0400)]
sadly still lost
Joey Hess [Sat, 2 Jun 2012 01:32:51 +0000 (21:32 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Tue, 29 May 2012 17:43:37 +0000 (13:43 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
intrigeri [Mon, 28 May 2012 09:38:28 +0000 (11:38 +0200)]
Ping'ing Joey.
Franek [Sat, 26 May 2012 19:31:19 +0000 (15:31 -0400)]
Added a comment: kind of solved, but another problem comes up
Joey Hess [Thu, 24 May 2012 20:33:15 +0000 (16:33 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
damien [Thu, 24 May 2012 11:44:02 +0000 (07:44 -0400)]
removed
damien [Thu, 24 May 2012 11:43:16 +0000 (07:43 -0400)]
Added a comment: this is a test
http://ismael.olea.org/ [Wed, 23 May 2012 12:31:34 +0000 (08:31 -0400)]
update for rename of todo/Olea.mdwn to users/Olea.mdwn
http://ismael.olea.org/ [Wed, 23 May 2012 12:31:33 +0000 (08:31 -0400)]
update for rename of todo/Olea.mdwn to users/Olea.mdwn
http://ismael.olea.org/ [Wed, 23 May 2012 12:31:32 +0000 (08:31 -0400)]
rename todo/Olea.mdwn to users/Olea.mdwn
http://ismael.olea.org/ [Tue, 22 May 2012 23:31:09 +0000 (19:31 -0400)]
Added a comment
http://ismael.olea.org/ [Tue, 22 May 2012 21:24:37 +0000 (17:24 -0400)]
Added a comment
Joey Hess [Tue, 22 May 2012 19:21:17 +0000 (15:21 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
http://smcv.pseudorandom.co.uk/ [Tue, 22 May 2012 13:46:20 +0000 (09:46 -0400)]
Added a comment
http://ismael.olea.org/ [Tue, 22 May 2012 10:32:26 +0000 (06:32 -0400)]
http://ismael.olea.org/ [Tue, 22 May 2012 10:30:49 +0000 (06:30 -0400)]
http://ismael.olea.org/ [Sun, 20 May 2012 11:28:07 +0000 (07:28 -0400)]
I think this is the same WMD, but not sure.
Franek [Sun, 20 May 2012 10:46:07 +0000 (06:46 -0400)]
Added a comment: Further enquiries
Joey Hess [Sun, 20 May 2012 00:35:21 +0000 (20:35 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Franek [Sat, 19 May 2012 14:51:42 +0000 (10:51 -0400)]
Added a comment: [[!meta author="...
Franek [Sat, 19 May 2012 14:44:48 +0000 (10:44 -0400)]
http://ismael.olea.org/ [Fri, 18 May 2012 18:36:08 +0000 (14:36 -0400)]
I think this is the same WMD, but not sure.
http://ismael.olea.org/ [Fri, 18 May 2012 16:34:22 +0000 (12:34 -0400)]
http://ismael.olea.org/ [Fri, 18 May 2012 16:32:42 +0000 (12:32 -0400)]
http://ismael.olea.org/ [Fri, 18 May 2012 16:30:58 +0000 (12:30 -0400)]
fixed formatting
added workaround.
Added request.
Joey Hess [Thu, 17 May 2012 17:20:55 +0000 (13:20 -0400)]
some details about past security hole
Joey Hess [Thu, 17 May 2012 03:49:23 +0000 (23:49 -0400)]
typo
Joey Hess [Thu, 17 May 2012 02:13:23 +0000 (22:13 -0400)]
ensure HTML::Entities is always loaded
(Worked ok in my tests w/o this, but not sure I tested every case,
and this is correct.)
Joey Hess [Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)]
cve
Joey Hess [Thu, 17 May 2012 00:14:03 +0000 (20:14 -0400)]
add news item for ikiwiki 3.20120516
Joey Hess [Thu, 17 May 2012 00:13:21 +0000 (20:13 -0400)]
releasing version 3.20120516
Joey Hess [Wed, 16 May 2012 23:54:41 +0000 (19:54 -0400)]
meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl Benencia
Joey Hess [Mon, 14 May 2012 18:14:39 +0000 (14:14 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
https://id.koumbit.net/anarcat [Sat, 12 May 2012 15:04:08 +0000 (11:04 -0400)]
https://id.koumbit.net/anarcat [Sat, 12 May 2012 15:00:47 +0000 (11:00 -0400)]
fix url
http://christian.amsuess.com/chrysn [Fri, 11 May 2012 17:50:36 +0000 (13:50 -0400)]
maybe [[|that page]]?
Joey Hess [Fri, 11 May 2012 04:19:06 +0000 (00:19 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Giuseppe Bilotta [Thu, 10 May 2012 16:42:21 +0000 (18:42 +0200)]
Get started on my user page, fix name spelling, link branches to username
Giuseppe Bilotta [Thu, 10 May 2012 16:11:30 +0000 (18:11 +0200)]
Introduce my linkbase branch
Giuseppe Bilotta [Wed, 9 May 2012 05:56:46 +0000 (07:56 +0200)]
po/Makefile: missing one semicolon still
simonraven [Tue, 8 May 2012 23:13:32 +0000 (19:13 -0400)]
http://tonybaldwin.dreamwidth.org/ [Tue, 8 May 2012 13:59:56 +0000 (09:59 -0400)]
created, asked a question